From 09a146b54c27838e816cabaf418f583f02f611b2 Mon Sep 17 00:00:00 2001
From: Disassembler
Date: Mon, 6 Apr 2020 10:45:46 +0200
Subject: [PATCH] Make CKAN and ODK add-ca-cert parametrizable
---
 apk/spoc | 2 +-
 lxc-apps/ckan/ckan-datapusher.image.d/bin/add-ca-cert | 5 ++++-
 lxc-apps/ckan/install.sh | 1 +
 lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env | 2 ++
 lxc-apps/opendatakit/app | 1 +
 lxc-apps/opendatakit/install.sh | 1 +
 lxc-apps/opendatakit/install/odkbuild_conf/add-ca-cert.env | 2 ++
 .../opendatakit/opendatakit-build.image.d/bin/add-ca-cert | 4 +++-
 8 files changed, 15 insertions(+), 3 deletions(-)
 create mode 100644 lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env
 create mode 100644 lxc-apps/opendatakit/install/odkbuild_conf/add-ca-cert.env
diff --git a/apk/spoc b/apk/spoc
index b3f2a4b..d70fe97 160000
--- a/apk/spoc
+++ b/apk/spoc
@@ -1 +1 @@
-Subproject commit b3f2a4be70309c51a3a119cc32bd01ec1a08d2de
+Subproject commit d70fe9756a978e231a504fdc740a829bf343ad55
diff --git a/lxc-apps/ckan/ckan-datapusher.image.d/bin/add-ca-cert b/lxc-apps/ckan/ckan-datapusher.image.d/bin/add-ca-cert
index 692b577..bbf8479 100755
--- a/lxc-apps/ckan/ckan-datapusher.image.d/bin/add-ca-cert
+++ b/lxc-apps/ckan/ckan-datapusher.image.d/bin/add-ca-cert
@@ -2,7 +2,10 @@
 import ssl
-cert = ssl.get_server_certificate(('host', 443))
+with open('/etc/ckan-datapusher/add-ca-cert.env') as f:
+ env = dict(tuple(line.split('=')) for line in f.read().splitlines())
+
+cert = ssl.get_server_certificate((env['DOMAIN'], env['PORT']))
 with open('/usr/lib/python2.7/site-packages/requests/cacert.pem', 'a') as f:
 f.write(cert)
diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh
index 85a8226..5719589 100755
--- a/lxc-apps/ckan/install.sh
+++ b/lxc-apps/ckan/install.sh
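Review bot: In lxc-apps/ckan/ckan-datapusher.image.d/bin/add-ca-cert, the certificate the configured host presents is still fetched without any verification and appended to the requests CA bundle, and that host is now read from `/etc/ckan-datapusher/add-ca-cert.env`, so whoever can write that file or answer on that address decides what the DataPusher trusts. Consider checking the fetched certificate against an expected fingerprint kept next to DOMAIN and PORT before `f.write(cert)`; if the script can run more than once, each run also appends another copy to `cacert.pem`. The parser raises on a blank line or on a value containing `=`, and the port is passed on as a string; `env = dict(line.split('=', 1) for line in f.read().splitlines() if '=' in line)` together with `int(env['PORT'])` would be more tolerant. The script's first line lies outside the hunk.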
@@ -47,6 +47,7 @@ spoc-container start ckan-solr
 # Configure CKAN DataPusher
 install -o 100000 -g 108080 -m 750 -d ${DATAPUSHER_CONF}
 install -o 108080 -g 108080 -m 750 -d ${DATAPUSHER_DATA}
+install -o 100000 -g 108080 -m 640 datapusher_conf/add-ca-cert.env ${DATAPUSHER_CONF}/add-ca-cert.env
 install -o 100000 -g 108080 -m 640 datapusher_conf/datapusher.wsgi ${DATAPUSHER_CONF}/datapusher.wsgi
 install -o 100000 -g 108080 -m 640 datapusher_conf/datapusher_settings.py ${DATAPUSHER_CONF}/datapusher_settings.py
diff --git a/lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env b/lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env
new file mode 100644
index 0000000..4ee453b
--- /dev/null
+++ b/lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env
@@ -0,0 +1,2 @@
+DOMAIN=ckan.spotter.vm
+PORT=443
diff --git a/lxc-apps/opendatakit/app b/lxc-apps/opendatakit/app
index 61cff8d..1c93ee5 100644
--- a/lxc-apps/opendatakit/app
+++ b/lxc-apps/opendatakit/app
@@ -24,6 +24,7 @@
 "opendatakit-postgres"
 ],
 "mounts": {
+ "opendatakit/odkbuild_conf/add-ca-cert.env": "srv/opendatakit-build/add-ca-cert.env:file"
 "opendatakit/odkbuild_conf/config.yml": "srv/opendatakit-build/config.yml:file"
 }
 },
diff --git a/lxc-apps/opendatakit/install.sh b/lxc-apps/opendatakit/install.sh
index 96fa595..5f4465b 100755
--- a/lxc-apps/opendatakit/install.sh
+++ b/lxc-apps/opendatakit/install.sh
@@ -31,6 +31,7 @@ install -o 108080 -g 108080 -m 640 odk_conf/server.xml ${ODK_CONF}/server.xml
 # Configure OpenDataKit Build
 export OPENDATAKITBUILD_COOKIE_SECRET=$(head -c 8 /dev/urandom | hexdump -e '"%x"')
 install -o 108080 -g 108080 -m 750 -d ${ODKBUILD_CONF}
+install -o 108080 -g 108080 -m 640 odkbuild_conf/add-ca-cert.env ${ODKBUILD_CONF}/add-ca-cert.env
 envsubst
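Review bot: The `mounts` entry added in lxc-apps/opendatakit/app has no trailing comma before the existing `config.yml` entry, so the file would stop parsing if it is read as strict JSON, and the container definition would then fail to load. The added line should end with a comma: `"opendatakit/odkbuild_conf/add-ca-cert.env": "srv/opendatakit-build/add-ca-cert.env:file",`. The enclosing object begins and ends outside the hunk, so the rest of the structure was not checked.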